PLEASE READ THIS POLICY CAREFULLY TO UNDERSTAND HOW WE TREAT YOUR PERSONAL INFORMATION, HEALTH INFORMATION, AND YOUR RELATED CHOICES AND RIGHTS. IF YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS POLICY, YOU SHOULD NOT ACCESS OR USE OUR SITES.
OUR SITES ARE INTENDED FOR USERS LOCATED IN THE UNITED STATES AND ARE NOT INTENDED FOR USERS LOCATED IN OTHER COUNTRIES, INCLUDING THE EUROPEAN UNION AND THE EUROPEAN ECONOMIC AREA.
Celltrion USA, Inc. (referred to as “Celltrion USA,” “we,” “us,” and “our”) is committed to protecting the privacy and security of the personal information we collect, use, share, and otherwise process as part of our business. We also believe in transparency, and we are committed to informing you about how we treat the data we collect and process.
This policy applies to information we collect:
CHILDREN UNDER THE AGE OF 13
THE SITES ARE NOT INTENDED FOR CHILDREN UNDER 13 YEARS OF AGE. NO ONE UNDER AGE 13 MAY ACCESS, USE THE SERVICES OF, OR OTHERWISE PROVIDE ANY INFORMATION THROUGH THE SITES.
The Children’s Online Privacy Protection Act (“COPPA”), as well as other data privacy regulations, restrict the collection, use, or disclosure of personal information from and about children on the Internet. Our Sites and services are not directed to children aged 13 or younger, nor is information knowingly collected from children under the age of 13. No one under the age of 13 may access, browse, or use the Sites or provide any information to or on the Sites. If you are under 13, please do not use or provide any information on the Sites (including, for example, your name, telephone number, email address, or username). If we learn that we have collected or received personal information from a child under the age of 13 without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and delete it. If you believe we might have any information from or about a child under the age of 13, please contact us via the “Contact Us” details provided at the end of this Policy.
BY ACCESSING THE SITES, YOU REPRESENT YOU ARE AT LEAST 13 YEARS OF AGE. For more information about COPPA, please visit the Federal Trade Commission’s website at: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule.
WHAT INFORMATION DO WE COLLECT?
We may collect the information listed below for the purposes described in the “How Do We Use and Share Your Information?” section of this Policy.
|Name, Contact Information, and Identifiers
|Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, username, or other similar identifiers.
|Customer and Other Records
|Paper and electronic customer records containing personal data, such as name, signature, physical characteristics or description, billing and/or physical address, telephone number, insurance policy number, medical information, or health insurance information.
|Characteristics of protected classifications under applicable state or federal law such as sex, gender, age, and disability.
|Purchase History and Tendencies
|Commercial information, including records of pharmaceutical products or services considered, purchased, or owned.
|Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement.
|Precise geographic location information about a particular individual or device.
|Professional or Employment-Related Information
|As defined under applicable local law, such as certain characteristics of protected classifications, precise geolocation, account login credential and passwords, financial information, and health information (please see the “Health Information” section of this policy for more information).
|Communications and Questions
|Comments, content, questions, or other information that you choose to provide.
|Cookies and Similar Technologies
|Please see the “Cookies and Similar Technologies” section of this Policy for more information.
|Profiles and Inferences
|Inferences drawn from any of the information identified above to create a profile about a resident reflecting the resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
PLEASE READ THIS SECTION CAREFULLY TO UNDERSTAND HOW WE ACCESS AND USE YOUR PERSONAL HEALTH INFORMATION. IF YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS POLICY, YOU SHOULD NOT PROVIDE INFORMATION THROUGH OUR SITES.
BY PROVIDING INFORMATION THROUGH OUR SITES TO CHECK ELIGIBILITY, CREATE AN ACCOUNT, OR OTHERWISE ACCESS SERVICES, YOU HEREBY CONSENT FOR YOUR PHYSICIANS, PHARMACIES, LABORATORIES, AND OTHER HEALTHCARE PROFESSIONALS (COLLECTIVELY, “HEALTHCARE PROVIDERS”) AND YOUR HEALTH INSURERS TO SHARE YOUR INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION WITH CELLTRION USA, INC., THE CELLTRION PATIENT ASSISTANCE FOUNDATION, CELLTRION AFFILIATES AND ITS VENDORS (COLLECTIVELY, “CELLTRION”) FOR THE SOLE PURPOSE OF PROVIDING YOU REQUESTED SERVICES.
By providing information through our Sites to check eligibility, create an account, or otherwise access services, YOU UNDERSTAND AND ACKNOWLEDGE that your individually identifiable health information may include your full name, address, date of birth, demographic information, financial information, insurance information and information related to medical condition, treatment, care management, medication history, and prescriptions (collectively, “Health Information”), whether in written or verbal form, including portions of your medical record.
Your Health Information will be shared with Celltrion so that we may provide you with various support and information to help you access a Celltrion medicine, which may include the following, depending on the program (collectively, “Patient Support Activities”):
We also may use your Health Information for auditing for compliance with Program requirements, quality assurance purposes, and to evaluate and improve our operations and services.
YOU UNDERSTAND AND ACKNOWLEDGE THAT YOU ARE NOT REQUIRED TO PROVIDE INFORMATION TO CELLTRION. CHOOSING NOT TO PROVIDE INFORMATION TO CELLTRION WILL NOT AFFECT YOUR ABILITY TO RECEIVE TREATMENT FROM YOUR HEALTHCARE PROVIDERS OR PAYMENT FROM YOUR HEALTH INSURER. CHOOSING TO NOT PROVIDE INFORMATION MAY ONLY RESULT IN CELLTRION NOT BEING ABLE TO PROVIDE YOU WITH ASSISTANCE. YOU UNDERSTAND AND ACKNOWLEDGE THAT PROVIDING INFORMATION THROUGH OUR SITES IS ENTIRELY VOLUNTARY AND CONSTITUTES YOUR CONSENT FOR CELLTRION TO ACCESS AND RECEIVE PERSONAL HEALTH INFORMATION ABOUT YOU FROM YOUR HEALTH PROVIDERS.
YOU UNDERSTAND AND ACKNOWLEDGE that once your Health Information is shared, it may no longer be protected by federal privacy law. However, we agree to protect your Health Information and to use it strictly for the purposes described in this policy or as required or permitted by law. Select pharmacies may receive remuneration from Celltrion in exchange for your Health Information and/or for any Patient Support Activities provided to them.
YOU UNDERSTAND AND ACKNOWLEDGE that any information you provide through our Sites constitutes authorization for use by Celltrion for the purposes described in this policy for FOUR YEARS from the date you provide such information or shall otherwise expire at a shorter duration as required under applicable State law, unless you provide written notice that they would like to withdraw their approval to share their Health Information sooner.
MARYLAND USERS: Under Md. Code, Health - Gen. § 4-303(b)(4), this authorization expires ONE YEAR from the date such information is provided. If you would like to withdraw your approval, you may contact us at PO BOX 610 Columbus, OH 43216. This withdrawal will not affect the use or sharing of your Health Information that took place before you withdraw your approval. You understand that you may receive a copy of this agreement.
BY PROVIDING INFORMATION THROUGH OUR SITES TO CHECK ELIGIBILITY, CREATE AN ACCOUNT, OR OTHERWISE ACCESS SERVICES, YOU HEREBY AGREE TO HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (“HIPAA”) CONSENT AND ALL OTHER NECESSARY PERMISSIONS AUTHORIZING
THE RELEASE OF YOUR IDENTIFICATION AND INSURANCE INFORMATION, AS WELL AS TO OUR SITES' TERMS AND CONDITIONS (https://www.celtrionconnect.com/terms-conditions).
CORRESPONDENCE VIA TELEPHONE
By providing your phone number to Celltrion when signing up for services from Celltrion, you represent that you are the primary owner of the phone number provided, and YOU HEREBY CONSENT to receiving communications in the form of phone calls or text messages relating to our products and services and/or your condition or treatment. Messages may be sent from an automated system. Consent is not required for you to purchase any goods or services.
Message and Data Rates May Apply. Unsubscribe at any time by replying ‘STOP’ or clicking the unsubscribe link (where available). Text ‘HELP’ for help. Message frequency varies. To the maximum extent permitted by law: (i) all information contained in SMS text messages is provided “as is” without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement; and (ii) Celltrion expressly excludes any liability for any direct, indirect, or consequential loss or damage incurred by any user in connection with the receipt, use, failure of, or inability to use, SMS text messages.
YOU HEREBY CONSENT to receive communications from Celltrion and parties acting on its behalf, including calls made with an autodialer or prerecorded voice at the phone number(s) provided to determine your eligibility and provide benefits verification, prior authorization/appeals assistance, and financial assistance resources and information, such as co-pay support or free drug programs, and for other non-marketing purposes. You understand that they can opt-out of these telephonic communications concerning Patient Support Activities at any time by contacting us at 1-877-81CONNC (1-877-812-6662), Monday - Friday, 8 AM - 8 PM ET, or in writing at PO BOX 610 Columbus, OH 43216.
As part of the Celltrion CARES™ Co-pay Assistance Program, YOU HEREBY CONSENT to receive autodialed text messages from Celltrion, any companies working with Celltrion and McKesson entities that support this program, which may include refill reminders and other offers. YOU HEREBY UNDERSTAND AND ACKNOWLEDGE you are not required to consent to receiving text messages as a condition of this savings offer, that message and data rates may apply, and that these text messages will reoccur monthly. You may text ‘STOP’ to opt-out at any time. For help at any time, text ‘HELP’.
For additional support call 1-877-812-6662 (1-877-81CONNC). Participating Carriers: All U.S. Based Carriers. Messages may be delayed or undelivered for various factors. McKesson, carriers (including, but not limited to, T-Mobile) and any service providers utilized by McKesson to send messages are not liable for delayed or undelivered messages.
Celltrion CARES™ is affiliated with Celltrion CONNECT® through Celltrion USA.
HOW DO WE COLLECT YOUR INFORMATION?
In general, we may collect your personal data through various methods, both directly and indirectly. The following non-inclusive list outlines the main ways we collect information about you.
Direct collection of data may occur when you:
Indirect collection of data may occur through:
We may also collect data when you:
Data may be obtained from other sources, such as:
COOKIES AND SIMILAR TECHNOLOGIES
First and Third-Party Cookies
A “cookie” is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a “session” cookie) or a future browsing session (a “persistent” or “permanent” cookie). “Session” cookies are temporarily stored on your hard drive and only last until they expire at the end of your browsing session. “Persistent” or “permanent” cookies may remain stored on your hard drive until they expire or are deleted by you. Local shared objects (or “flash" cookies) may be used to collect and store information about your preferences and navigation to, from, and on the site. First-party cookies are set by the website you’re visiting, and they can only be read by that site. Third-party cookies are set by a party other than that website.
Other Similar Technologies
In addition to cookies, there are other automatic data collection technologies, such as Internet tags, web beacons (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as users navigate through and interact with a website. For example, web beacons are tiny graphics with unique identifiers that are used to understand browsing activity. In addition, UTM codes are strings that can appear in a URL when you move from one web page or website to another. The string can represent information about browsing, such as which advertisement, page, or publisher sent the user to the receiving website.
What Cookies and Similar Technologies Are in Use and Why Do We Use Them?
We use first-party and third-party cookies and similar technologies for purposes such as to improve Site functionality, to measure and track how users interact with the Site, and to perform similar analytics. We may also use first-party and third-party cookies and similar technologies on the Site in order to otherwise tailor our communications with you.
Other Third-Party Technologies
We do not control these third-parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
Choices About Cookies
Most web browsers are set by default to accept cookies. If you do not wish to receive cookies, you may set your browser to refuse all or some types of cookies or to alert you when cookies are being sent by website tracking technologies and advertising. These settings may affect your enjoyment of the full functionality of the Site. In addition, adjusting the cookie settings may not fully delete all of the cookies that have already been created. To delete them, visit your web browser settings after you have changed your cookie settings. Additional information is provided below about how to disable cookies or manage the cookie settings for some of the leading web browsers:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Internet Explorer: http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies
We maintain an opt-out feature for the collection of cookies. For additional information about how you can opt out of cookies, you may refer to https://allaboutcookies.org/how-to-manage-cookies. Additionally, some web browsers, such as DuckDuckGo, do not collect cookies by default. By declining cookies or using a browser that does not permit their collection, you may experience some degradation or inconvenience in your use of the Sites.
You can learn more about internet advertising practices and related consumer resources at the following resources:
To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website at: https://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html.
HOW DO WE USE AND SHARE YOUR INFORMATION?
How do we use the information described in this Policy? To the extent permitted by applicable law, we may use the information described in the “What Information Do We Collect?” section above for purposes listed below.
HOW DO WE PROTECT YOUR INFORMATION?
We have implemented measures reasonably designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure; however, we cannot guarantee that data transmission or storage is 100% secure. If you have reason to believe that your interaction with our Sites is no longer secure, please immediately notify us at [email protected].
Importantly, the safety and security of your information also depends on you. Where you have chosen a password for access to certain parts of our Sites, you are responsible for keeping this password confidential. We highly recommend you do not share this password with anyone nor use it to access any other service. We also urge you to never conduct financial transactions on our Sites using public WiFi, as this can easily be intercepted.
Unfortunately, no transmission of information via the internet is completely secure. Although we do our best to protect your personal and financial information, we cannot guarantee the security of information transmitted to our Site. Any transmission of personal or financial information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Sites.
WITH WHOM DO WE DISCLOSE YOUR INFORMATION?
To the extent permitted by applicable law, we may share the information described in the “What Information Do We Collect?” section above for purposes listed below.
|We may share your information with our subsidiaries and affiliates and with their respective officers, directors, employees, and agents.
|Acquisitions and Similar Transactions
|We may disclose your information in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our company assets. If our business is acquired by or merged with another company, your information may be transferred to the new owners.
|Disclosures with Your Consent
|We may ask if you would like us to share your information with other unaffiliated third-parties who are not described elsewhere in this Policy. We will only disclose your information in this context with your consent.
|Legal Obligations and Rights (Subpoenas, Court Orders, and Warrants)
|We may disclose information in response to subpoenas, warrants, court orders or other legal process, or to comply with relevant laws. We may also share information in order to establish or exercise our legal rights or claims; to defend against a legal claim; and to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our contracts.
|We may provide information about you to third-parties that may offer products and services specifically requested by you, including authorized representatives and healthcare providers.
|We may share information with our service providers that need access to information to provide operational or other support services on our behalf (e.g., for managing or hosting services and/or underpinning technology for the Services we are providing). Among other things, service providers help us to administer the Sites; support our operations; provide technical support; send communications to you; provide payment processing; and assist with other legitimate purposes permitted by law.
|We may share your information with our and our affiliates’ insurers, auditors, and professional advisors, including attorneys and accountants, that need access to your information to provide operational or other support services on our behalf.
|Deidentified or Aggregated Data
|We may disclose aggregated information or de-identified information that does not identify any specific individual, such as groupings of demographic data or customer preferences.
HOW LONG DO WE STORE AND USE YOUR INFORMATION?
We retain and use your information for as long as is necessary to fulfill the purposes for which it was collected to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to operate our business, and to enforce our agreements. Your information might be handled through both manual and automated methods and kept in our internal database for a duration as may be required by local jurisdictions, adhering to local regulations. The information may be retained for the period necessary to fulfill our legitimate business objectives, legal or contractual responsibilities, the storage duration specified in your consent, or for the establishment, exercise, or defense of legal claims. Once your personal information is no longer required for these reasons, it will be permanently removed.
At our sole discretion, we may delete your information if we believe it is incomplete, inaccurate, or that our continued storage of it is contrary to our objectives or legal obligations. When we delete data, it will be removed from our active servers and databases, but it may remain in our archives when it is not practical or possible to delete it.
To the extent permitted by law, we may retain and use anonymous, de-identified, or aggregated information for performance reporting, benchmarking, and analytic purposes and for operational improvement.
YOUR RIGHTS AND CHOICES REGARDING PERSONAL INFORMATION
We are committed to informing you about your rights and how you can exercise them. Generally, the rights you possess depend on your local jurisdiction's laws and the legal basis we use to process your personal information. There might be certain exceptions regarding both the list of rights you have and your ability to exercise them.
Below are the rights you may exercise with respect to your personal information. You have a right to:
To exercise any of the above rights, please use the “Contact Us” details provided at the end of this Policy. We honor such requests when we are required to do so under applicable law. We may ask you to verify your identity before fulfilling your request. We are obligated to ensure that information is retained and, when legally required, disclosed securely. As a result, we must confirm your identity before responding to any request to protect your privacy and that of others. You may need to provide identification documents to verify your identity and/or authority to act on another's behalf. Once verified, original identification documents will be returned, photocopies destroyed, and electronic copies securely deleted.
If complying with such a request would cause us or our affiliates to breach obligations under applicable laws, regulations, or codes of practice, we might not be able to fulfill your request. However, you could still request that we block or restrict your personal information from further processing. Additionally, you might have the right to data portability to another data controller, which generally means you can ask us to transfer information you've given us to another company or provide it to you.
Additional rights we afford you include:
THIRD-PARTY SITES AND SERVICES
This Policy only applies to the Sites, and it does not apply to any third-party websites or applications.
The Sites may contain links to, and media or other content from, third-parties. These links are to external resources and third-parties that have their own privacy policies. Because of the dynamic media capabilities of the Sites, it may not be clear to you which links are to external, third-party resources. If you click on an embedded third-party link, you will be redirected away from the Sites to the external third-party website. You can check the URL to confirm that you have left the Sites.
We cannot and do not (1) guarantee the adequacy of the privacy or security practices employed by or the content and media provided by any third parties or their websites, (2) control third-parties’ independent collection or use or your information, or (3) endorse any third-party information, products, services or websites that may be reached through embedded links on the Sites.
While the Sites are intended for users located in the United States, any information you provide to us through use of the Sites may be stored, processed, transferred between, and accessed from the United States and other countries that may not guarantee the same level of protection of personal information as the one in which you reside. However, we will handle your personal information in accordance with this Policy regardless of where your personal information is stored/accessed.
STATE PRIVACY RIGHTS
This section pertains exclusively to information gathered about consumers in California, Colorado, Connecticut, Iowa, Utah, and Virginia. It fulfills the information requirements outlined in the California Consumer Privacy Act of 2018 and California Privacy Rights Act of 2020 (collectively referred to as "CPRA"), the Colorado Privacy Act of 2021 ("CPA"), the Connecticut Data Privacy Act of 2022 ("CDPA"), the Iowa Consumer Data Protection Act of 2023 ("ICDPA"), the Utah Consumer Privacy Act of 2022 ("UCPA"), and the Virginia Consumer Data Protection Act of 2021 ("VCDPA"). We also include a brief paragraph about information collected from Nevada consumers, which can be found at the end of this section.
Data Rights: In accordance with applicable law, you may request access to the specific pieces of Personal Information we have about you or request more information about our data processing practices. You may also request the deletion of your Personal Information or the correction of any inaccurate Personal Information we have. Additionally, you can opt-out of processing Personal Information for targeted advertising by adjusting your privacy settings on the Site. However, please note that we and/or our Vendors may still track your use of our websites. You may also have the right to opt-out of Personal Information processing for profiling purposes that produce significant legal or similar effects. If you want to appeal our decision on your data subject request, you may contact us at the address listed in the ‘Contact Us’ section of this Policy or by emailing us at [email protected], enclosing a copy or specific reference to the decision you want to appeal. Upon receipt of a verifiable consumer request to correct inaccurate personal information or to delete personal information about you, we shall use commercially reasonable efforts to correct the inaccurate personal information or delete the requested personal information. We will respond to your appeal according to applicable law.
Verification Request: To make a data subject request, you must provide your first and last name, email address, city and state of residence, and which specific right(s) you want to exercise. We will verify your request by comparing the information you provide with any identifiable information we may have about you.
Non-Discrimination: We will not discriminate against you for exercising your data subject rights. However, some functionality and features of our services may change or no longer be available to you. Any difference in the services will be related to the value provided.
Authorized Agent: If you wish to appoint an authorized agent to make a request on your behalf, you must create, sign, and authenticate a letter that clearly identifies your agent and the purposes for which they are appointed. As an authorized agent, you must provide us with the verification request information, described above, about the consumer on whose behalf you are acting, along with your own first and last name, email address, and a signed and notarized letter from the consumer authorizing you as their agent. We may ask you to verify your identity or confirm with us that you have the consumer's permission to make the request. In some cases, we may decline your request if an exception applies under applicable law. We will respond to your request in accordance with applicable law.
Users with Disabilities: We strive to make our services available to all users. If you need to receive the information contained in this document in a different format, please contact us using any method described in the ‘Contact Us’ section below.
California Residents. Under California Civil Code Section 1798.83, California residents who provide personal information in obtaining products or services for personal, family, or household use may be entitled to request and obtain from us once per calendar year information about the information we shared, if any, with other businesses for direct marketing uses. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing, if any, will be included in our response.
The California Consumer Privacy Act and the California Privacy Rights Act together give residents of California the right to opt out of their personal information being sold to third parties, the sharing of their personal information for behavioral advertising, and to limit the use of their sensitive personal information. This may include the Company's, disclosure of personal information with our clients for certain services. The opt-out right has some exemptions such as sharing of information with necessary service providers will remain unaffected and opt-out requests will not affect the Company’s services where personal information is not sold.
If you are a California resident, you can exercise these rights by submitting a request to [email protected]. When submitting the request, please indicate that you are exercising your right to opt-out of the sale or sharing of your personal information or limiting the use of your sensitive personal information, as it will help us to honor your request.
Nevada Residents. You may submit a verifiable request to us at [email protected] to request that we not make any sale (as defined under Nevada law) of any covered information (as defined under Nevada law) that we have collected or will collect about you. Please provide your name and contact information in your request. We will respond to your request in accordance with Nevada law.
UPDATES AND CHANGES TO THIS POLICY
We may add to, change, update, or modify this Policy to reflect any changes to how we treat your information or in response to changes in law. Should this Policy change, we will post all changes to this Policy on this page. Any such changes, updates, or modifications will be effective immediately upon posting. The date on which this Policy was last modified is identified at the beginning of this Policy.
You are expected to, and you acknowledge and agree that it is your responsibility to, carefully review this Policy prior to using the Sites, and from time to time, so that you are aware of any changes. Your continued use of the Sites after the “Last Updated” date will constitute your acceptance of and agreement to such changes and to our collection and sharing of your information according to the terms of the then-current Policy. If you do not agree with this Policy and our practices, you should not use the Sites.
For more information, or if you have any questions or concerns regarding this Policy, you may contact us using the information below, and we will do our best to assist you.
By Postal Mail:
Celltrion USA, Inc.
Attn: US Compliance
1 Evertrust Plaza
Jersey City, NJ 07302
WE WILL NEVER ASK YOU FOR CREDIT CARD INFORMATION VIA EMAIL. PLEASE DO NOT INCLUDE CREDIT CARD OR OTHER SENSITIVE FINANCIAL INFORMATION IN YOUR EMAILS TO US.